CLAIMS

What is claimed is:

1. A method of securing a network device installed on a host comprising:
initializing the network device without transmit functions; 
receiving notification that the host has been authenticated; and 

in response to receiving notification that the host has been authenticated, 
enabling transmit functions of the network device. 

2. The method of claim 1, wherein initializing the network device 
comprises initializing the network device without receive functions. 

3. The method of claim 2, further comprising in response to receiving 
notification that the host has been authenticated, enabling receive functions of the 
network device. 

4. The method of claim 3, wherein enabling receive functions of the
network device comprises routing received data to a network stack.

5. The method of claim 1, further comprising accessing a firewall policy
server to download firewall policy information that is used by a firewall on the network
device after enabling transmit functions of the network device.

6. The method of claim 5, wherein accessing a firewall policy server is
performed before transmitting or receiving data from other clients or servers. 

7. The method of claim 5, wherein accessing a firewall policy server 
comprises authenticating the firewall policy server. 

8. The method of claim 5, wherein receiving notification that a host has 
been authenticated includes receiving notification that the host has been authenticated 
for a role, and wherein accessing a firewall policy server comprises downloading 
firewall policy information for the role. 

9. The method of claim 1, further comprising receiving firewall policy 
information communicated to the host and using the firewall policy information at a 
hardware based firewall on the network device. 

10. A network device for use in a host on a network, the network device
comprising: 

a network port adapted to send and receive network information; and
a module that disables at least one of transmit and receive functionality
to the network port of the network device until the network device is notified
that the host has been authenticated.

11. The network device of claim 10, further comprising a firewall adapted to 
prevent the network device from communicating with other devices according to 
firewall policy information stored at the firewall. 

12. The network device of claim 11, further comprising nonvolatile memory, 
and wherein the firewall policy information is stored in the nonvolatile memory. 

13. The network device of claim 11, wherein the network device is adapted 
to receive firewall policy information from a firewall policy server. 

14. The network device of claim 10, wherein the network device is 
embodied as a network interface card. 

15. The network device of claim 14, wherein the network device is 
embodied as a Secure CardBus network card. 

16. A network comprising: 
a plurality of client computers wherein at least one of the client
computers is adapted to disable at least one of transmit and receive functionality 
until a user at the at least one of the client computers has been authenticated. 

17. The network of claim 16, further comprising:

a firewall policy server coupled to the at least one of the client 
computers, the firewall policy server containing firewall policy information that 
defines at least one of blocked ports, blocked clients and allowed clients; and 

wherein the at least one of the client computers comprises a firewall 
wherein the at least one of the client computers is adapted to receive firewall 
policy information from the firewall policy server. 

18. The network of claim 17, wherein the at least one of the client computers 
is configured to receive firewall policy information from the firewall policy server prior 
to communicating with other clients or servers comprised of the network. 

19. A method of securing a network device installed on a host comprising:
initializing the network device without receive functions; 
receiving notification that the host has been authenticated; and 

in response to receiving notification that the host has been authenticated, 
enabling receive functions of the network device. 

20. The method of claim 19, wherein enabling receive functions of the 
network device comprises routing received data to a network stack. 